Bugtraq mailing list archives
Re: [HERT] Advisory #002 Buffer overflow in lsof
From: leb () NASIRC HQ NASA GOV (Lee Brotzman)
Date: Mon, 22 Feb 1999 16:03:18 -0500
On Fri, 19 Feb 1999, Mariusz Marcinkiewicz wrote:On Thu, 18 Feb 1999, Don Lewis wrote:... or are there systems that give group kmem write privileges? If so, I'd say that's a security hole.Yes, you are right... but... I saw that hole after installing new linx and checked it's security. First I was suprised but not for a long time. In a few mins I noticed all linux versions are chown .kmem; chmod g+s lsof... on linux /dev/kmem is +w for gid kmem, on bsd too (probably, ISorry, no go. FreeBSD 2.2-STABLE and 4.0-CURRENT, the two versions I have sitting around, have the following permissions on /dev/kmem: crw-r----- 1 root kmem 2, 1 Mar 7 1998 /dev/kmem Please verify claims such as these before posting them.
I have to agree. On my installation of Caldera OpenLinux 1.2, I see the following: $ ls -l /usr/sbin/lsof -rwxr-xr-x 1 root root 72492 Jan 7 1998 /usr/sbin/lsof $ ls -l /dev/kmem crw-r----- 1 root kmem 1, 2 Jul 29 1998 /dev/kmem No SetGID on lsof, no +w on /dev/kmem. For the claim of "all linux versions", just which linux versions were you talking about? -- -- Lee E. Brotzman, NASA Automated Incident Response Capability (NASIRC) -- Phone: 814-861-5028 Fax: 814-861-3806 Email: leb () nasirc hq nasa gov
Current thread:
- Re: [HERT] Advisory #002 Buffer overflow in lsof Don Lewis (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Vic Abell (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Mariusz Marcinkiewicz (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Robert Watson (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Lee Brotzman (Feb 22)
- NcFTPd remote buffer overflow Julien Nadeau (Feb 23)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Alan Cox (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Alex Shnitman (Feb 20)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Wichert Akkerman (Feb 21)
- Possible DOS attack in the .nu domain service Shane Wegner (Feb 20)
- Severe Security Hole in ARCserve NT agents (fwd) Weld Pond (Feb 21)
- Administrivia Aleph One (Feb 22)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Robert Watson (Feb 19)
- <Possible follow-ups>
- Re: [HERT] Advisory #002 Buffer overflow in lsof Friedrichs, Oliver (Feb 18)
- Re: [HERT] Advisory #002 Buffer overflow in lsof Eric Stevens (Feb 19)
- Re: [HERT] Advisory #002 Buffer overflow in lsof johann sebastian bach (Feb 19)